Organization of law education, dissemination of knowledge, and skills of personal data protection for students in Vietnam

Organization of law education, dissemination of knowledge, and skills of personal data protection for students in Vietnam (Internet image)

On August 22, 2024, the Ministry of Education and Training issued Official Dispatch 4567/BGDDT-CNTT on strengthening the protection of personal data and network information security in Vietnam.

Organization of law education, dissemination of knowledge, and skills of personal data protection for students in Vietnam

In order to thoroughly grasp and implement the regulations of Decree 13/2023/ND-CP in relevant activities of the sector, the Ministry of Education and Training requests the Departments of Education and Training, universities, academies, colleges, and teacher training colleges (hereinafter referred to as units) to strengthen the review and implement the following contents, for example:

Strengthen the organization of dissemination, propaganda, and ensure strict adherence to the provisions of Decree 13/2023/ND-CP to units and individuals under their management, especially those directly involved in managing, exploiting, and processing personal data;

Organize legal education, communication, dissemination of knowledge and skills to protect personal data for students properly.

In addition, review the internal regulations and mechanisms for managing, operating, exploiting, and using information systems/databases under the unit’s management and subordinate units to integrate current legal regulations on personal data protection, clearly specifying the responsibility of agencies, organizations, and individuals involved in protecting personal data and handling responsibilities for violations within their responsibility.

Review units and departments involved in collecting and processing personal data; classify collected and processed personal data; assess data collection and processing procedures to issue or propose appropriate management measures and assign corresponding data protection responsibilities according to Decree 13/2023/ND-CP.

Review security and safety of systems and implement necessary technical measures for information systems/databases under their management; regularly check, maintain, and upgrade systems to promptly detect and remedy technical vulnerabilities, avoiding risks that compromise system security and lead to personal data disclosure and loss.

For units utilizing enterprise services to maintain and operate information systems/databases, ensure that data under unit management remains within their control; businesses should not access data (including personal data) without unit’s consent.

Additionally, for managing and utilizing the education sector’s databases: train officials, public employees and workers to study and implement the provisions of Circular 42/2021/TT-BGDDT dated December 30, 2021, regulating educational and training databases.

Clearly define responsibilities for account protection, network information security, and personal data protection; pay special attention to managing access accounts: do not share accounts, set complex passwords (minimum length of 8 characters, including numbers, upper case, lower case, and special characters), passwords must be changed regularly (maximum of 03 months for each password change).

Simultaneously, upon detecting violations of personal data protection regulations (especially in cases of illegal buying, selling, and transferring of personal data), promptly handle and report violations to personal data protection authorities (Cybersecurity and High-Tech Crime Prevention Department - Ministry of Public Security) and the Ministry of Education and Training of Vietnam (through the Information Technology Department) no later than 72 hours after the incident or detection of the violation according to Form No. 03 in the Appendix of Decree 13/2023/ND-CP.

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE